Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Kinger,
This is a bit long, but not too bad.
You may find it easier to print it out first or make a desktop Notepad file.

You have a problem caused by installing Messenger Plus3 and agreeing to the 'Sponsor Software'.
To fix this you must first go to Add/Remove programs and Uninstall "Messenger Plus 3".
Instructions are below.
If you wish to continue using "Messenger Plus 3", you can reinstall it after your PC is clean, only without the "Sponsor Software"
Note: The Sponsor Software is a C2Media\LOP parasite.
Be aware that any update to Messenger Plus will cause the program to prompt you to install the "Sponsor Software".
-----------------------------------------------------------Download and install CCleaner from here.
Don't run CCleaner yet.
-----------------------------------------------------------Set Your Computer to Show All FilesGo to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. In addition, if you have Windows XP, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.
-----------------------------------------------------------Disable Microsoft Anti-Spyware- Open Microsoft AntiSpyware. Click on Tools, Settings.
- In the left pane, Click on Real-time Protection.
- Under Startup Options, Uncheck "Enable the Microsoft AntiSpyware Security Agents on startup (recommended)".
- Under Real-time spyware threat protection, Uncheck "Enable real-time spyware threat protection (recommended)".
- Click on the Save button and close Microsoft AntiSpyware.
- Right click on the Microsoft AntiSpyware icon on the lower right system tray and select Shutdown Microsoft AntiSpyware.
- Reboot your machine for the changes to take effect.
-----------------------------------------------------------Go to http://www.trendmicro.com, and then:
Click Free Online Scan.
Click Scan now, it's free.
It'll take a few minutes to download (especially with a dialup connection), so be patient.
When it's done:
Select all available drives.
Check Auto Clean.
Click Scan.
When the scan is complete, post back the full filename of any files that cannot be cleaned or deleted.
-----------------------------------------------------------We will try to remove the LOP infection this way first:
1. Go to Add/Remove programs. Highlight Messenger Plus!. Name may show slight variations. Click Remove.
2. The "Messenger Plus! - Setup" is now displayed. Click on the Uninstall button. Note: options displayed on the first screen are not related to the sponsor program.
3. The sponsor screen is now displayed (if you don't see it, search for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed. Once you enter the code, press Uninstall.
4. If you entered the code properly, the program will ask you to confirm that you want to uninstall. You must answer "Yes" to this question, else, you won't have another chance of uninstalling.
5. To complete the uninstallation, follow the instructions that are displayed (the first one is to close all your Internet Explorer windows, that's very important). When everything is complete, restart your computer.
-----------------------------------------------------------Run HiJackThis, click Config, click Misc Tools, click Open Process manager.
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\Program Files\Messenger Plus! 3\MsgPlus.exeNow double-check and make sure that only those item(s) above are highlighted, then click Kill process. Now, click Refresh, check again, and repeat this step if any remain.
-----------------------------------------------------------Run HiJackThis and click "Scan", then check(tick) the following, if present:
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [save curb more hope] C:\Documents and Settings\All Users\Application Data\burnroamsavecurb\Boob bash.exeO4 - HKCU\..\Run: [logbone] C:\DOCUME~1\Owner\APPLIC~1\16MORE~1\Logo Second.exeO20 - AppInit_DLLs: MsgPlusLoader.dllNow, with all windows closed except HiJackThis, click Fix checked.
-----------------------------------------------------------Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/ folders:
folders...
C:\Program Files\Messenger Plus! 3\C:\Documents and Settings\All Users\Application Data\burnroamsavecurb\C:\DOCUME~1\Owner\APPLIC~1\16MORE~1\ <== search for the actual folder, may be c:\documents and settings\Owner\Application Data\16more.....\

and delete this file:
MsgPlusloader.dll <== search for it - likely in C:\windows\system32\;

Note that some of these file(s) or folders may or may not be present.
If present, and cannot be deleted because they're 'in use', try Ctrl-Alt Del to bring up task manager, find the file in the list, End Process, and retry deleting.
If that does not succeed, try deleting from "Safe Mode".
-----------------------------------------------------------Run CCleaner. Make sure the Cleaner block on the left is selected. Choose the Windows tab. Check everything EXCEPT cookies, and Autocomplete Form History and the Advanced part of the Menu. Choose Run Cleaner. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
-----------------------------------------------------------Post a New HJT LogReboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply. Please do not use Word Wrap when you paste in the reply.

Kinger,
One last item to clean up( it is important), and a few suggestions for future protection.
-----------------------------------------------------------Remove log items with HighjackThis. Start HijackThis. If the opening screen shows, choose None of the above, just start the program.
Click Scan. When the Scan is complete, Check the following entry:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://vbyckctifrligofmfw.org/QpPk6A0w/ ... QSSWu.htmlMake sure all other windows except HJT are closed, and Click Fix Checked.
-----------------------------------------------------------Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs. Available from http://www.javacoolsoftware.com/spywareblaster.html After the installation, click Download Latest Protection Updates. When it finishes, clickEnable All Protection.
-----------------------------------------------------------Install SpywareGuard. It runs in the background, like your Anti-Virus program, to stop Browser Helper Objects (BHO's) from installing. Available from http://www.javacoolsoftware.com/spywareguard.html-----------------------------------------------------------Secure the Internet Explorer - From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt - Change the Download unsigned ActiveX controls to Disable - Change the Initialize and script ActiveX controls not marked as safe to Disable - Change the Installation of desktop items to Prompt - Change the Launching programs and files in an IFRAME to - Prompt - Change the Navigate sub-frames across different domains to - Prompt - When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Press the Apply button and then the OK to exit the Internet Properties page

Good Luck. You have been very helpful to me as well. I will correct those instructions.
askey127

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.